Struct daml_util::DamlSandboxTokenBuilder

pub struct DamlSandboxTokenBuilder { /* private fields */ }

Build JWT tokens suitable for use in the Daml Sandbox.

The Daml Sandbox support the use JWT tokens for authentication. The following JSON structure represents the claims that may be supplied (see here for details):

{
  "https://daml.com/ledger-api": {
    "ledgerId": "my-ledger",
    "participantId": null,
    "applicationId": null,
    "admin": true,
    "actAs": ["Alice"],
    "readAs": ["Alice", "Bob"]
  },
  "exp": 1300819380,
}

All ledger API endpoints support passing a Bearer token in the authentication http header. This builder produces bearer token strings in HS256, RS256 & EC256 formats which are suitable for use by the Daml ledger API.

Note that test JWT tokens created with https://jwt.io/ will, by default, place the alg attribute ahead of the typ attribute in the header whereas the library used here will places them the opposite wa around. Whilst both produce valid tokens this can be confusing when trying to compare examples.

Examples

A HS256 (shared secret) bearer token matching the example above can be created as follows:

use daml_util::DamlSandboxTokenBuilder;

let token = DamlSandboxTokenBuilder::new_with_expiry(1300819380)
    .ledger_id("my-ledger")
    .admin(true)
    .act_as(vec!["Alice".to_owned()])
    .read_as(vec!["Alice".to_owned(), "Bob".to_owned()])
    .new_hs256_unsafe_token("some secret phrase")?;

The generated token can then supplied to the DamlGrpcClientBuilder via the with_auth method as follows:

use daml_grpc::DamlGrpcClientBuilder;
use daml_util::DamlSandboxTokenBuilder;

let token = DamlSandboxTokenBuilder::new_with_expiry(1300819380)
    .ledger_id("my-ledger")
    .admin(true)
    .act_as(vec!["Alice".to_owned()])
    .read_as(vec!["Alice".to_owned(), "Bob".to_owned()])
    .new_ec256_token("... EC256 key in bytes ...")?;

let ledger_client = DamlGrpcClientBuilder::uri("http://localhost:8080").with_auth(token).connect().await?;

Implementations

impl DamlSandboxTokenBuilder

pub fn new_with_duration_secs(secs: i64) -> Self

Create with an expiry relative to the current system time.

pub fn new_with_expiry(timestamp: i64) -> Self

Create with an absolute expiry timestamp (unix).

pub fn ledger_id(self, ledger_id: impl Into<String>) -> Self

DOCME

pub fn participant_id(self, participant_id: impl Into<String>) -> Self

DOCME

pub fn application_id(self, application_id: impl Into<String>) -> Self

DOCME

pub fn admin(self, admin: bool) -> Self

DOCME

pub fn act_as(self, act_as: Vec<String>) -> Self

DOCME

pub fn read_as(self, read_as: Vec<String>) -> Self

DOCME

pub fn new_hs256_unsafe_token(
    self,
    secret: impl AsRef<[u8]>
) -> DamlSandboxAuthResult<String>

Create a new HS256 JWT token based on a shared secret.

This approach is considered unsafe for production use and should be used for local testing only. Note that whilst the method name contains the word unsafe to highlight the above, the method does not contain any unsafe blocks or call any unsafe methods.

pub fn new_rs256_token(
    self,
    rsa_pem: impl AsRef<[u8]>
) -> DamlSandboxAuthResult<String>

Create a new RS256 JWT token based on the supplied RSA key.

The key is expected to be in pem format.

pub fn new_ec256_token(
    self,
    ec_pem: impl AsRef<[u8]>
) -> DamlSandboxAuthResult<String>

Create a new EC256 JWT token based on the supplied RSA key.

The key is expected to be in pem format.

pub fn claims_json(&self) -> DamlSandboxAuthResult<String>

Render the token claims as a JSON string.

Trait Implementations

impl Clone for DamlSandboxTokenBuilder

fn clone(&self) -> DamlSandboxTokenBuilder

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Default for DamlSandboxTokenBuilder

fn default() -> DamlSandboxTokenBuilder

Returns the “default value” for a type.